7547 matches found
CVE-2026-27751
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to obtain administrative access to the management interface. Attackers can authenticate using the hardcoded default credentials without password change enforcement t...
MAL-2026-1089 Malicious code in randomstringgen (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9fc95ea566ad1938f7f75123eee2d8b3365bf55f06d7aa8a5f569f5e4c696132 Using the provided function results in exfiltrating the current running file likely the user's script to the hardcoded location. --- Category: MALICIOUS - The...
Malicious code in randomstringgen (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9fc95ea566ad1938f7f75123eee2d8b3365bf55f06d7aa8a5f569f5e4c696132 Using the provided function results in exfiltrating the current running file likely the user's script to the hardcoded location. --- Category: MALICIOUS - The...
CVE-2026-21660
Hardcoded Email Credentials Saved as Plaintext in Firmware CWE-256: Plaintext Storage of a Password vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential misuse or system compromise This issue affects Frick...
MAL-2026-1084 Malicious code in socketxio (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0ebdf2a14543a49aa2f1b1fdeb5a713a43da8326a370249ca370d9023283fb31 Using the provided function results in exfiltrating Discord tokens to a hardcoded location --- Category: MALICIOUS - The campaign has clearly malicious intent,...
CVE-2026-27167
Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components e.g. gr.LoginButton are used. When a user visi...
CVE-2026-27167 Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret
Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components e.g. gr.LoginButton are used. When a user visi...
CVE-2026-27167
Gradio, in versions 4.16.0 through 6.5.x, running outside Hugging Face Spaces enables mocked OAuth routes when OAuth components are used. Visiting /login/huggingface causes the server to fetch its HF token via hugggingface_hub.get_token() and store it in the visitor’s session cookie, which is sig...
EUVD-2026-9040
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to obtain administrative access to the management interface. Attackers can authenticate using the hardcoded default credentials without password change enforcement t...
CVE-2026-27751
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to obtain administrative access to the management interface. Attackers can authenticate using the hardcoded default credentials without password change enforcement t...
CVE-2026-27751
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to obtain administrative access to the management interface. Attackers can authenticate using the hardcoded default credentials without password change enforcement t...
Exploit for CVE-2025-70342
CVE-2025-70342: Credential Interception via Named Pipe in eras...
EUVD-2026-9020
Hardcoded Email Credentials Saved as Plaintext in Firmware CWE-256: Plaintext Storage of a Password vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential misuse or system compromise This issue affects Frick...
CVE-2026-21660
Hardcoded Email Credentials Saved as Plaintext in Firmware CWE-256: Plaintext Storage of a Password vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential misuse or system compromise This issue affects Frick...
CVE-2026-21660
Hardcoded Email Credentials Saved as Plaintext in Firmware CWE-256: Plaintext Storage of a Password vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential misuse or system compromise This issue affects Frick...
CVE-2026-21660 Johnson Controls-Frick Quantum HD-Hardcoded Email Credentials Saved as Plaintext in Firmware
Hardcoded Email Credentials Saved as Plaintext in Firmware CWE-256: Plaintext Storage of a Password vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential misuse or system compromise This issue affects Frick...
CVE-2026-21660 Johnson Controls-Frick Quantum HD-Hardcoded Email Credentials Saved as Plaintext in Firmware
Hardcoded Email Credentials Saved as Plaintext in Firmware CWE-256: Plaintext Storage of a Password vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential misuse or system compromise This issue affects Frick...
CVE-2026-21660
Summary: CVE-2026-21660 affects Frick Controls Quantum HD firmware prior to 10.22, with hardcoded email credentials stored in plaintext. This can lead to unauthorized access, exposure of sensitive information, and potential system compromise. The Red Hat advisory and related sources corroborate t...
PT-2026-22326
Name of the Vulnerable Software and Affected Versions Frick Controls Quantum HD versions prior to 10.22 Description A security issue exists in Frick Controls Quantum HD where email credentials are hardcoded and saved in plaintext within the firmware. This can lead to unauthorized access, exposure...
PT-2026-22405
Name of the Vulnerable Software and Affected Versions Gradio versions 4.16.0 through 6.5.9 Description Gradio is a Python package for rapid prototyping. Applications running outside of Hugging Face Spaces, versions 4.16.0 through 6.5.9, improperly handle OAuth components like gr.LoginButton...